Option to protect against xxs?

In ColdFusion you could tick in the administrator an option to protect against xxs, that option isn’t in Lucee that I can see. Does it exist?

CloudLinux v7.9.0

it’s not super robust, you still need to use the encodeForHtml etc


Got it thanks

1 Like

Got it @Zackster Thanks…

And depending on the output you are using and where you are using it, use the respective alternatives like encodeForHTMLAttribute(), encodeForJavascript(), etc. Sometimes you need to use both in combination, like I’ve posted at the end of this stackoverflow answer about escaping output

The acronym for Cross-Site Scripting is XSS which I mention to improve search results for this topic. :slight_smile:

1 Like